Home > Research > Publications & Outputs > Cracking Android pattern lock in five attempts

Electronic data

  • paper

    Accepted author manuscript, 5 MB, PDF-document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

View graph of relations

Cracking Android pattern lock in five attempts

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Published

Standard

Cracking Android pattern lock in five attempts. / Ye, Guixin; Tang, Zhanyong; Fang, Dingyi; Chen, Xiaojiang; Kim, Kwang In; Taylor, Ben; Wang, Zheng.

Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17). Reston VA : Internet Society, 2017.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Harvard

Ye, G, Tang, Z, Fang, D, Chen, X, Kim, KI, Taylor, B & Wang, Z 2017, Cracking Android pattern lock in five attempts. in Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17). Internet Society, Reston VA.

APA

Ye, G., Tang, Z., Fang, D., Chen, X., Kim, K. I., Taylor, B., & Wang, Z. (2017). Cracking Android pattern lock in five attempts. In Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17) Reston VA: Internet Society.

Vancouver

Ye G, Tang Z, Fang D, Chen X, Kim KI, Taylor B et al. Cracking Android pattern lock in five attempts. In Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17). Reston VA: Internet Society. 2017

Author

Ye, Guixin ; Tang, Zhanyong ; Fang, Dingyi ; Chen, Xiaojiang ; Kim, Kwang In ; Taylor, Ben ; Wang, Zheng. / Cracking Android pattern lock in five attempts. Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17). Reston VA : Internet Society, 2017.

Bibtex

@inproceedings{9d47cd22a76a4cf0b35caaf8f1a2f102,
title = "Cracking Android pattern lock in five attempts",
abstract = "Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. This paper presents a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer vision algorithm to track the fingertip movements to infer the pattern. Using the geometry information extracted from the tracked fingertip motions, our approach is able to accurately identify a small number of (often one) candidate patterns to be tested by an adversary. We thoroughly evaluated our approach using 120 unique patterns collected from 215 independent users, by applying it to reconstruct patterns from video footage filmed using smartphone cameras. Experimental results show that our approach can break over 95{\%} of the patterns in five attempts before the device is automatically locked by the Android operating system. We discovered that, in contrast to many people’s belief, complex patterns do not offer stronger protection under our attacking scenarios. This is demonstrated by the fact that we are able to break all but one complexpatterns (with a 97.5{\%} success rate) as opposed to 60{\%} of the simple patterns in the first attempt. Since our threat model is common in day-to-day life, this paper calls for the community torevisit the risks of using Android pattern lock to protect sensitive information.",
author = "Guixin Ye and Zhanyong Tang and Dingyi Fang and Xiaojiang Chen and Kim, {Kwang In} and Ben Taylor and Zheng Wang",
year = "2017",
month = "2",
day = "26",
language = "English",
isbn = "1891562460",
booktitle = "Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17)",
publisher = "Internet Society",

}

RIS

TY - GEN

T1 - Cracking Android pattern lock in five attempts

AU - Ye, Guixin

AU - Tang, Zhanyong

AU - Fang, Dingyi

AU - Chen, Xiaojiang

AU - Kim, Kwang In

AU - Taylor, Ben

AU - Wang, Zheng

PY - 2017/2/26

Y1 - 2017/2/26

N2 - Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. This paper presents a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer vision algorithm to track the fingertip movements to infer the pattern. Using the geometry information extracted from the tracked fingertip motions, our approach is able to accurately identify a small number of (often one) candidate patterns to be tested by an adversary. We thoroughly evaluated our approach using 120 unique patterns collected from 215 independent users, by applying it to reconstruct patterns from video footage filmed using smartphone cameras. Experimental results show that our approach can break over 95% of the patterns in five attempts before the device is automatically locked by the Android operating system. We discovered that, in contrast to many people’s belief, complex patterns do not offer stronger protection under our attacking scenarios. This is demonstrated by the fact that we are able to break all but one complexpatterns (with a 97.5% success rate) as opposed to 60% of the simple patterns in the first attempt. Since our threat model is common in day-to-day life, this paper calls for the community torevisit the risks of using Android pattern lock to protect sensitive information.

AB - Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. This paper presents a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer vision algorithm to track the fingertip movements to infer the pattern. Using the geometry information extracted from the tracked fingertip motions, our approach is able to accurately identify a small number of (often one) candidate patterns to be tested by an adversary. We thoroughly evaluated our approach using 120 unique patterns collected from 215 independent users, by applying it to reconstruct patterns from video footage filmed using smartphone cameras. Experimental results show that our approach can break over 95% of the patterns in five attempts before the device is automatically locked by the Android operating system. We discovered that, in contrast to many people’s belief, complex patterns do not offer stronger protection under our attacking scenarios. This is demonstrated by the fact that we are able to break all but one complexpatterns (with a 97.5% success rate) as opposed to 60% of the simple patterns in the first attempt. Since our threat model is common in day-to-day life, this paper calls for the community torevisit the risks of using Android pattern lock to protect sensitive information.

M3 - Conference contribution/Paper

SN - 1891562460

BT - Proceedings 2017 Network and Distributed System Security Symposium 2017 (NDSS'17)

PB - Internet Society

CY - Reston VA

ER -